是否可以设置一个网站表单网站以同时使用Windows身份验证和Azure广告身份验证? 我们有一个旧的asp.net网站表单网站。我们在其上使用了Windows身份验证。我们添加了通过Azure AD对用户进行身份验证的可能性(我们使用了OWIN)。问题是我们只能设置一种身份验证:Windows或OWIN(azure广告),但是我们需要两者。 在web.config中,我添加了:
<authentication mode="Forms">
<forms name="ccs_auth" loginUrl="sso.aspx" protection="All" path="/" timeout="45" cookieless="UseCookies"/>
</authentication>
<location path="sso.aspx">
<system.web>
<authorization>
<allow users="?,*" />
</authorization>
</system.web>
</location>
在IIS中,我允许sso.aspx页面进行“ Windows身份验证”和“表单身份验证”。我的想法是:当用户重定向到sso.aspx时,我从 System.Web.HttpContext.Current.Request.ServerVariables [“ LOGON_USER”] 获取登录名,然后在活动目录中检查该名称,然后尝试在我们的数据库中查找用户。如果未找到用户,则开始进行Azure活动目录身份验证,如果已通过身份验证,我们将尝试通过Azure AD声明在数据库中查找用户。 我在Startup.cs中的代码:
public void Configuration(IAppBuilder app)
{
if (useAzureAd)
{
app.SetDefaultSignInAsAuthenticationType("ApplicationCookie");
//app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationType = "ApplicationCookie",
LoginPath = new PathString("/sso.aspx"),
CookieSecure = CookieSecureOption.SameAsRequest
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Sets the ClientId, authority, RedirectUri as obtained from web.config
ClientId = clientId,
Authority = authority,
RedirectUri = redirectUri,
// PostLogoutRedirectUri is the page that users will be redirected to after sign-out. In this case, it is using the home page
PostLogoutRedirectUri = redirectUri,
Scope = OpenIdConnectScope.OpenIdProfile,
// ResponseType is set to request the id_token - which contains basic information about the signed-in user
ResponseType = OpenIdConnectResponseType.IdToken,
// ValidateIssuer set to false to allow personal and work accounts from any organization to sign in to your application
// To only allow users from a single organizations, set ValidateIssuer to true and 'tenant' setting in web.config to the tenant name
// To allow users from only a list of specific organizations, set ValidateIssuer to true and use ValidIssuers parameter
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false
},
// OpenIdConnectAuthenticationNotifications configures OWIN to send notification of failed authentications to OnAuthenticationFailed method
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed
}
});
}
}
结果我得到一个例外:
HTTP Error 404.15 - Not Found
The request filtering module is configured to deny a request where the query string is too long.
好像我的请求是无限重定向到sso.aspx:
Requested URL
http://localhost:80/AzureAdWebForm/SSO.aspx?ReturnUrl=%2FAzureAdWebForm%2FSSO.aspx%3FReturnUrl%3D%252FAzureAdWebForm%252FSSO.aspx%253FReturnUrl%253D%25252FAzureAdWebForm%25252FSSO.aspx%25253FReturnUrl%25253D%2525252FAzureAdWebForm%2525252FSSO.aspx%2525253FReturnUrl%2525253D%252525252FAzureAdWebForm%252525252FSSO.aspx%252525253FReturnUrl%252525253D%25252525252FAzureAdWebForm%25252525252FSSO.aspx%25252525253FReturnUrl%25252525253D%2525252525252FAzureAdWebForm%2525252525252FSSO.aspx........................
如果我设置useAzureAd = false,则Windows身份验证可以正常工作。
如果我设置useAzureAd = true并从配置中删除<authentication mode="Forms">-Azure AD正常运行
我的错误在哪里?是否可以在网站表单网站中同时使用Windows身份验证和Azure广告?